Built to pass your security review.

Your keys, your data, and your stack stay yours. Here is exactly how Creogen handles each, in plain terms, with the documents to back it.

data handlingyour side

BYO keynever logged

Isolationper workspace

ResidencyEU / GDPR

Ownershipyou keep it all

01How we handle your data

Four commitments, in plain terms.

BYO keys are encrypted at rest, decrypted only in memory, and never appear in any client bundle or log.

No cross-tenant access. Your data and your logic stay yours, walled from everyone else.

Hosted in the EU, with a data processing addendum at kickoff and a right to delete.

Your CMS, hosting, model key, and content. No lock-in, no black box, no hostage data.

02Practices and documents

Data processing addendum signed at kickoff. See DPA.

Current subprocessors listed and kept up to date. See Subprocessors.

Audit log of every page action, model call, and key access.

SOC 2 is on the roadmap, not yet certified. We will say so until it is true.

Questions

Where is my model key stored?

Encrypted at rest, decrypted only in memory, and never written to any log or client bundle.

Where is my data hosted?

In the EU by default, with a data processing addendum signed at kickoff and a right to delete.

Are you SOC 2 certified?

Not yet. It is on the roadmap, and we will say so plainly until it is true.

Who can see my data?

Access is scoped per workspace with tenant isolation. There is no cross-tenant access, and every key use is logged.

Can we sign a DPA?

Yes. A data processing addendum is signed at kickoff, with EU hosting and a right to delete.

Teardown scanner ready

Drop a URL. We scan your AEO, brand, and migration gaps, score them, and show what they cost. One step, no deck.